JVNDB-2010-000035

Access Analyzer CGI from futomi's CGI Cafe contains a cross-site scripting vulnerability. This is caused by a particular method in which tags are embedded into the web page.

Access Analyzer CGI provided by futomi's CGI Cafe is a software to analyze web access logs. Access Analyzer CGI contains a cross-site scripting vulnerability. This is caused by a particular method in which tags are embedded into the web page.

According to the developer, users of the Professional version that are using the "Method to load js files for tags within the head tag" as stated in the manual are not affected by this vulnerability.

Katsumi Kobayashi of NRI Secure Technologies, Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.